name: pull request comment
on:
  issue_comment:
    types: [created]
env:
  GH_USER: "github-actions[bot]"
  GH_EMAIL: "<41898282+github-actions[bot]@users.noreply.github.com>"
  CI_TOOLS_DIR: /home/runner/work/kuma/kuma/.ci_tools
permissions:
  contents: read
jobs:
  pr_comments:
    timeout-minutes: 30
    if: github.event.issue.pull_request != '' && (contains(github.event.comment.body, '/format') || contains(github.event.comment.body, '/golden_files'))
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub app token
        id: github-app-token
        uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: check-maintainer
        run: |
          # Ensure the commenter is a maintainer
          if [[ `gh api  '/repos/${{ github.repository }}/collaborators?permission=maintain' --paginate --jq '.[].login' | grep ${{ github.event.comment.user.login }}` ]]; then
            gh api --method POST -f content='+1' ${{ github.event.comment.url }}/reactions
          else
            gh api --method POST -f content='-1' ${{ github.event.comment.url }}/reactions
            echo "${{ github.event.comment.user.login }} is not a maintainer of the repo, can't run this action"
            exit 1
          fi
        env:
          GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
      - id: get-branch
        run: |
          echo "BRANCH_NAME=$(gh pr view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json headRefName --jq '.headRefName')" >> $GITHUB_ENV
          echo "REPO=$(gh pr view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json headRepository,headRepositoryOwner --jq '[.headRepositoryOwner.login,.headRepository.name] | join("/")')" >> $GITHUB_ENV
        env:
          GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
          repository: ${{ env.REPO }}
          ref: ${{ env.BRANCH_NAME }}
          token: ${{ steps.github-app-token.outputs.token }}
      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version-file: go.mod
      - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
        with:
          path: |
            ${{ env.CI_TOOLS_DIR }}
          key: ${{ runner.os }}-${{ runner.arch }}-devtools-${{ hashFiles('mk/dependencies/deps.lock') }}
          restore-keys: |
            ${{ runner.os }}-${{ runner.arch }}-devtools
      - run: |
          make dev/tools
      - name: format
        if: contains(github.event.comment.body, '/format') # check the comment if it contains the keywords
        run: |
          make clean/generated generate format
      - name: run golden_files
        if: contains(github.event.comment.body, '/golden_files') # check the comment if it contains the keywords
        run: |
          make test UPDATE_GOLDEN_FILES=true
      - name: commit and push fixes
        env:
          GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
        run: |
          if git diff --exit-code --stat; then
            echo "No change detected, skipping git push"
          else
            git config user.name "${GH_USER}"
            git config user.email "${GH_EMAIL}"
            git commit -s -m "fix(ci): format files" .
            git push
          fi
      - run: gh api --method POST -f content='hooray' ${{ github.event.comment.url }}/reactions
        env:
          GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
